<?php 
/*
 *  This file is part of Urd.
 *
 *  Urd is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 3 of the License, or
 *  (at your option) any later version.
 *  Urd is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program. See the file "COPYING". If it does not 
 *  exist, see <http://www.gnu.org/licenses/>.
 * 
 * $LastChangedDate: 2008-07-10 23:59:20 +0200 (Thu, 10 Jul 2008) $
 * $Rev: 1285 $
 * $Author: gavinspearhead $
 * $Id: register.php 1285 2008-07-10 21:59:20Z gavinspearhead $
 */
define('ORIGINAL_PAGE', $_SERVER['PHP_SELF']);

$pathreg = realpath(dirname(__FILE__));
$pathca = realpath($pathreg. '/../functions/');
session_name('URD_WEB_REGISTER'. md5($pathca)); // add the hashed path so we can have more than 1 session to different urds in one browser
@session_start();

require_once "$pathreg/../config.php";
$process_name = 'urd_web'; // needed for message format in syslog and logging 

if (isset($config['urdweb_logfile']))
	$config['log_file'] = $config['urdweb_logfile'];
else 
	$config['log_file'] = '/dev/null';

require_once "$pathreg/../functions/urd_log.php";
require_once "$pathreg/../functions/autoincludes.php";
require_once "$pathreg/../functions/defaults.php";
require_once "$pathreg/../functions/functions.php";

try {
	$db = connect_db();  // initialise the database
} catch (exception $e) {
	echo "Connection to database failed.\n";
	die;
}

$prefs = load_config($db);
require_once "$pathreg/../functions/exception.php";
require_once "$pathreg/../functions/web_functions.php";
require_once "$pathreg/../functions/mail_functions.php";
require_once "$pathreg/../html/fatal_error.php";
require_once "$pathreg/../functions/urdversion.php";
require_once "$pathreg/../functions/defines.php";
require_once "$pathreg/../functions/smarty.php";


// initialise some stuff
$subpage = '';
if (!isset($prefs['register']) || $prefs['register'] == 0)
	fatal_error ($LN['reg_disabled']);

$title = $LN['reg_title'];

if (isset($_POST['submit_button'])){
	if (isset($_POST['username']) && trim($_POST['username']) != '') 
		$username = trim($_POST['username']);
	else
		fatal_error($LN['error_invalidusername']);
	if (isset($_POST['fullname']) && $_POST['fullname'] != '') 
		$fullname = trim($_POST['fullname']);
	else
		fatal_error($LN['error_invalidfullname']);
	if (isset($_POST['email']) && $_POST['email'] != '' && verify_email($_POST['email'])) 
		$email = trim($_POST['email']);
	else
		fatal_error($LN['error_invalidemail']);
	if (isset($_POST['password1']) && $_POST['password1'] != '') {
		$password1 = trim($_POST['password1']);
		$pwmsg = verify_password($password1, $username);
		if ($pwmsg !== TRUE)
			fatal_error($pwmsg);
	} else
		fatal_error($LN['error_invalidpassword']);
	if (isset($_POST['password2']) && $_POST['password2'] != '') {
		$password2 = trim($_POST['password2']);
		if ($password1 != $password2)
			fatal_error($LN['error_pwmatch']);
	} else
		fatal_error($LN['error_invalidpassword']);

	$active = USER_PENDING;
	$isadmin = USER_USER;
	$query = "SELECT \"ID\" FROM users WHERE \"name\"='$username'";
	$res = $db->execute_query($query);
	if ($res === FALSE) {
		add_user($db, $username, $fullname, $email, $password1, $isadmin, $active, 'C');
	} else 
		fatal_error($LN['error_userexists']);

	$token = generate_password(200);

	$sql = "UPDATE users SET \"token\"='$token', \"active\"='" . USER_PENDING  . "' WHERE \"name\" = '$username'";
	$db->execute_query($sql);
	mail_activation($db, $username, $fullname, $email, $token, $prefs['admin_email']);
	header('Location: register.php?sent');
} else if (isset($_GET['sent'])) {
	$subpage = 'sent';	
} else if (isset($_GET['activate']) && isset($_GET['username'])) {
	$username = $_GET['username'];
	$token = $_GET['activate'];
	$time = time();
	$sql = " * FROM users WHERE \"name\"='$username' AND \"token\"='$token' AND \"active\" = '" . USER_PENDING . "'";
	$res = $db->select_query($sql, 1);
	if ($res === FALSE) 
		fatal_error($LN['error_nosuchuser']);
	$row = $res[0];
	$id = $row['ID'];
	if (($row['regtime'] + (60*60*24)) <= $time) {
		delete_user($db, $id);
		fatal_error($LN['error_acctexpired']);
	}
	$auto_reg = $prefs['auto_reg'];
	if ($auto_reg == 0)
		$active = USER_INACTIVE;
	else 
		$active = USER_ACTIVE;
	$sql = "UPDATE users SET \"active\" = '$active', \"token\"='' WHERE \"ID\" = '$id'";
	$res = $db->execute_query($sql);
	$admin_email = $prefs['admin_email'];
	mail_admin_new_user($db, $username, $row['fullname'], $admin_email, $admin_email);
	if ($active == USER_ACTIVE)
		$subpage = 'activated';
	else 
		$subpage = 'pending';
} else 
	$subpage =  'form';

$smarty->assign('menu',			generate_menu($LN));
$smarty->assign('subpage',	$subpage);
$smarty->assign('title', 'URD - ' . $title);
$smarty->display('register.tpl');

?>
